As the world marks Data Privacy Day, which is celebrated on 28 January every year, cyber security firm IT Governance calls for improved data security through the implementation of information security best practice.
Despite increased efforts from governments and businesses to tighten security around personally identifiable information (PII), recent incidents like Sony Pictures Entertainment’s data breach have proved this to be a big challenge. PII is an attractive target for cyber criminals and more than goodwill is required to cope with the problem.
Alan Calder, founder and executive chairman of IT Governance, says, “It is alarming that year on year the number of incidents involving the theft or compromise of personally identifiable information has been increasing instead of decreasing. This implies that the measures that are being taken are either insufficient or ineffective.
“Improving data security requires a holistic approach that takes into account all aspects necessary to establish a comprehensive data protection regime. It goes beyond the key principles of data protection and requires the implementation of information security best practice, which underpins the majority of global privacy regulations, such as the Data Protection Act in the UK and the EU’s upcoming General Data Protection Regulation.”
The recent Data Protection Compliance - Research Report by IT Governance found that in the UK a total of 66 enforcement notices for Data Protection Act (DPA) infringements were issued by the Information Commissioner’s Office (ICO) between January 2013 and October 2014, resulting in £2,170,000 in monetary penalties.
The research revealed that employee error and negligence were the most common causes of data breaches.
Calder says, “Our research clearly highlights the lack of due diligence in data protection and poor information security. With the continued proliferation of data breaches, companies cannot afford to be complacent about data protection and must act immediately.”
In order to tackle data protection, many companies worldwide are turning to ISO 27001, the international standard for information security. It encapsulates the information security elements of the majority of global privacy regulations by providing a comprehensive framework for developing and implementing an auditable information security management system (ISMS). Adhering to ISO 27001 enables companies to take a strategic approach to information security and strengthen the protection of PII.
IT Governance has revolutionised the way organisations can get expert information security help by introducing ISO 27001 packaged solutions that are delivered online and can be accessed globally. Each of the four solutions – ‘Do It Yourself’, ‘Get A Little Help’, ‘Get A Lot of Help’ and ‘We’ll Do It for You’ – is available at a transparent price that enables any organisation, anywhere in the world, to know exactly what their chosen journey to ISO 27001 certification will cost them.
More information is available at www.itgovernance.co.uk/iso27001-solutions.aspx